• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

[Solved] Cisco VPN Client on Windows 7 breaks IPv6 tunnel

Started by reviczky, April 24, 2010, 10:08:48 AM

Previous topic - Next topic

reviczky

Hi,

I have a Windows 7 (32-bit) machine and had ipv6 running until it recently stopped and now I can't create a tunnel anymore.


PS C:\Windows\system32> ipconfig

Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . : customer.arcade.opal.lan
  Link-local IPv6 Address . . . . . : fe80::bc0a:ae65:9b67:2f5e%11
  IPv4 Address. . . . . . . . . . . : 10.138.1.201
  Subnet Mask . . . . . . . . . . . : 255.255.192.0
  Default Gateway . . . . . . . . . : 10.138.0.1


When I try to create the tunnel with

netsh interface ipv6 add v6v4tunnel IP6Tunnel 10.138.1.201 216.66.80.26



PS C:\Windows\system32> ipconfig /all

Windows IP Configuration

  Host Name . . . . . . . . . . . . : reviczky-PC
  Primary Dns Suffix  . . . . . . . :
  Node Type . . . . . . . . . . . . : Broadcast
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : customer.arcade.opal.lan

Wireless LAN adapter Wireless Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Conn
  Physical Address. . . . . . . . . : 00-16-6F-3D-07-FD
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
  Physical Address. . . . . . . . . : 00-16-41-20-24-FE
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . : customer.arcade.opal.lan
  Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
  Physical Address. . . . . . . . . : 00-15-60-B4-61-BC
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::bc0a:ae65:9b67:2f5e%11(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.138.1.201(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.192.0
  Lease Obtained. . . . . . . . . . : 24 April 2010 07:07:44
  Lease Expires . . . . . . . . . . : 24 April 2010 18:15:14
  Default Gateway . . . . . . . . . : 10.138.0.1
  DHCP Server . . . . . . . . . . . : 10.138.0.1
  DHCPv6 IAID . . . . . . . . . . . : 184554848
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-06-12-C9-00-15-60-B4-61-BC
  DNS Servers . . . . . . . . . . . : 10.138.0.1
  NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 27:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Direct Point-to-point Adapater
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes


And therefore I can't add the address and the route:

PS C:\Windows\system32> netsh interface ipv6 add address IP6Tunnel 2001:470:1f08:9db::2
The filename, directory name, or volume label syntax is incorrect.


PS C:\Windows\system32> netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f08:9db::1
The filename, directory name, or volume label syntax is incorrect.


netstat shows

PS C:\Windows\system32> netstat -nr
===========================================================================
Interface List
14...00 16 6f 3d 07 fd ......Intel(R) PRO/Wireless 2200BG Network Connection
13...00 16 41 20 24 fe ......Bluetooth Device (Personal Area Network)
11...00 15 60 b4 61 bc ......Broadcom NetXtreme Gigabit Ethernet
 1...........................Software Loopback Interface 1
55...00 00 00 00 00 00 00 e0 Microsoft Direct Point-to-point Adapater
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0       10.138.0.1     10.138.1.201     20
      10.138.0.0    255.255.192.0         On-link      10.138.1.201    276
    10.138.1.201  255.255.255.255         On-link      10.138.1.201    276
   10.138.63.255  255.255.255.255         On-link      10.138.1.201    276
       127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
       127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
 127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
       224.0.0.0        240.0.0.0         On-link      10.138.1.201    276
 255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
 255.255.255.255  255.255.255.255         On-link      10.138.1.201    276
===========================================================================
Persistent Routes:
 None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
 1    306 ::1/128                  On-link
11    276 fe80::/64                On-link
11    276 fe80::bc0a:ae65:9b67:2f5e/128
                                   On-link
 1    306 ff00::/8                 On-link
11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
 0 4294967295 ::/0                     2001:470:1f08:9db::1
 0 4294967295 ::/0                     2001:470:1f08:9db::1
===========================================================================


I have played around with some IPv6 policies and teredo options, so it might be that I set some options around that, or I must have disabled something.
Otherwise maybe the recent installations of VPN clients and Packet sniffers must have done this.

I would appreciate some help,
Adam

jimb

Looks like it can't find netsh based on those error messages.

reviczky

netsh works and the it doesn't give me an error when I create the tunnel interface, it just doesn't do it.


PS C:\Windows\system32> netsh /?

Usage: C:\Windows\System32\netsh.exe [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Passw
ord | *]
             [Command | -f ScriptFile]

The following commands are available:

Commands in this context:
?              - Displays a list of commands.
add            - Adds a configuration entry to a list of entries.
advfirewall    - Changes to the `netsh advfirewall' context.
branchcache    - Changes to the `netsh branchcache' context.
bridge         - Changes to the `netsh bridge' context.
delete         - Deletes a configuration entry from a list of entries.
dhcpclient     - Changes to the `netsh dhcpclient' context.
dnsclient      - Changes to the `netsh dnsclient' context.
dump           - Displays a configuration script.
exec           - Runs a script file.
firewall       - Changes to the `netsh firewall' context.
help           - Displays a list of commands.
http           - Changes to the `netsh http' context.
interface      - Changes to the `netsh interface' context.
ipsec          - Changes to the `netsh ipsec' context.
lan            - Changes to the `netsh lan' context.
mbn            - Changes to the `netsh mbn' context.
namespace      - Changes to the `netsh namespace' context.
nap            - Changes to the `netsh nap' context.
netio          - Changes to the `netsh netio' context.
p2p            - Changes to the `netsh p2p' context.
ras            - Changes to the `netsh ras' context.
rpc            - Changes to the `netsh rpc' context.
set            - Updates configuration settings.
show           - Displays information.
trace          - Changes to the `netsh trace' context.
wcn            - Changes to the `netsh wcn' context.
wfp            - Changes to the `netsh wfp' context.
winhttp        - Changes to the `netsh winhttp' context.
winsock        - Changes to the `netsh winsock' context.
wlan           - Changes to the `netsh wlan' context.

The following sub-contexts are available:
advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ipsec lan mbn namespace nap netio p2p ras r
pc trace wcn wfp winhttp winsock wlan

To view help for a command, type the command, followed by a space, and then
type ?.


jimb

#3
OK.  The last message made it look like it couldn't find it.

Generally under windows I find you have to delete the interface and basically "re-do" it.

netsh int ipv6 delete interface IP6Tunnel

That should get rid of the interface, associated addresses and routes.

Then do the creation commands again and it should work.

EDIT: OK I looked at your message closer and I see now that it looks like it's not creating the 6in4 interface.  Not sure what's going on here.  Maybe the VPN client screwed up ipv6?  You may want to do "netsh int ipv6 install" again or something like that.

reviczky


PS C:\Windows\system32> netsh int ipv6 delete interface IP6Tunnel
The filename, directory name, or volume label syntax is incorrect.


The problem is that when I try to create the tunnel IP6Tunnel then it creates something called "Local Area Connection* 27" rather then IP6Tunnel.

jimb

Quote from: reviczky on April 24, 2010, 11:20:00 AM

PS C:\Windows\system32> netsh int ipv6 delete interface IP6Tunnel
The filename, directory name, or volume label syntax is incorrect.


The problem is that when I try to create the tunnel IP6Tunnel then it creates something called "Local Area Connection* 27" rather then IP6Tunnel.

Yeh I edited my response above.  Looks like windows is hosed up or something.  Not sure what to do here.  Maybe try "netsh int ipv6 uninstall" then "netsh int ipv6 install" or something.  Or try a different interface name just to see if it will create the tunnel vnic.

reviczky

There is no command like uninstall or install.


PS C:\Windows\system32> netsh int ipv6 uninstall
The following command was not found: int ipv6 uninstall.



netsh interface ipv6>help

The following commands are available:

Commands inherited from the netsh context:
..             - Goes up one context level.
abort          - Discards changes made while in offline mode.
add            - Adds a configuration entry to a list of entries.
advfirewall    - Changes to the `netsh advfirewall' context.
alias          - Adds an alias.
branchcache    - Changes to the `netsh branchcache' context.
bridge         - Changes to the `netsh bridge' context.
bye            - Exits the program.
commit         - Commits changes made while in offline mode.
delete         - Deletes a configuration entry from a list of entries.
dhcpclient     - Changes to the `netsh dhcpclient' context.
dnsclient      - Changes to the `netsh dnsclient' context.
exit           - Exits the program.
firewall       - Changes to the `netsh firewall' context.
http           - Changes to the `netsh http' context.
interface      - Changes to the `netsh interface' context.
ipsec          - Changes to the `netsh ipsec' context.
lan            - Changes to the `netsh lan' context.
mbn            - Changes to the `netsh mbn' context.
namespace      - Changes to the `netsh namespace' context.
nap            - Changes to the `netsh nap' context.
netio          - Changes to the `netsh netio' context.
offline        - Sets the current mode to offline.
online         - Sets the current mode to online.
p2p            - Changes to the `netsh p2p' context.
popd           - Pops a context from the stack.
pushd          - Pushes current context on stack.
quit           - Exits the program.
ras            - Changes to the `netsh ras' context.
rpc            - Changes to the `netsh rpc' context.
set            - Updates configuration settings.
show           - Displays information.
trace          - Changes to the `netsh trace' context.
unalias        - Deletes an alias.
wcn            - Changes to the `netsh wcn' context.
wfp            - Changes to the `netsh wfp' context.
winhttp        - Changes to the `netsh winhttp' context.
winsock        - Changes to the `netsh winsock' context.
wlan           - Changes to the `netsh wlan' context.

Commands inherited from the netsh interface context:
6to4           - Changes to the `netsh interface 6to4' context.
httpstunnel    - Changes to the `netsh interface httpstunnel' context.
ipv4           - Changes to the `netsh interface ipv4' context.
ipv6           - Changes to the `netsh interface ipv6' context.
isatap         - Changes to the `netsh interface isatap' context.
portproxy      - Changes to the `netsh interface portproxy' context.
set            - Sets configuration information.
show           - Displays information.
tcp            - Changes to the `netsh interface tcp' context.
teredo         - Changes to the `netsh interface teredo' context.

Commands in this context:
6to4           - Changes to the `netsh interface ipv6 6to4' context.
?              - Displays a list of commands.
add            - Adds a configuration entry to a table.
delete         - Deletes a configuration entry from a table.
dump           - Displays a configuration script.
help           - Displays a list of commands.
isatap         - Changes to the `netsh interface ipv6 isatap' context.
reset          - Reset the IP configurations.
set            - Sets configuration information.
show           - Displays information.

The following sub-contexts are available:
6to4 isatap

To view help for a command, type the command, followed by a space, and then
type ?.


any other ideas?

jimb

#7
Not really.  I guess this is Vista or Win7.  I'm basing this on XP which has those commands.  I guess vista/7 doesn't.  

Reinstall windows?   :P

But seriously, it wouldn't surprise me if the VPN client screwed things up.  I have wireshark/pcap installed on my XP box here and it doesn't effect ipv6 (presuming that's the sniffer you're speaking of).  

Which VPN client?  You could always try uninstalling it and see if it works again.

EDIT: I notice now that you said it was Win7.  So yeah.

You could also try to do the ipv6 reset command and see if that changes anything.  At this point it looks like a "Windows issue".  I'm not really that deeply familiar with Win7, so maybe someone here that has it can help.

reviczky

I've tried it with different interface names and also with the interface ID but no luck.


PS C:\Windows\system32> netsh interface ipv6 add v6v4tunnel NewName 10.138.1.201 216.66.80.26

PS C:\Windows\system32> ipconfig

Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : customer.arcade.opal.lan
   Link-local IPv6 Address . . . . . : fe80::bc0a:ae65:9b67:2f5e%11
   IPv4 Address. . . . . . . . . . . : 10.138.1.201
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   Default Gateway . . . . . . . . . : 10.138.0.1

Tunnel adapter Local Area Connection* 27:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :



PS C:\Windows\system32> netsh interface ipv6 add v6v4tunnel 11 10.138.1.201 216.66.80.26

PS C:\Windows\system32> ipconfig

Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : customer.arcade.opal.lan
   Link-local IPv6 Address . . . . . : fe80::bc0a:ae65:9b67:2f5e%11
   IPv4 Address. . . . . . . . . . . : 10.138.1.201
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   Default Gateway . . . . . . . . . : 10.138.0.1

Tunnel adapter Local Area Connection* 27:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :


N.B.: I've deleted the tunnels each time before trying to create a new one.

reviczky

Here is what I've installed after I had IPv6 working.

"Cisco Systems VPN Client 5"

as well as

"URL Snooper"
"WinPcap"
"Jaksta"

But by now I have disabled them all and the tunneling still doesn't work.

jimb

See edits in my last post.

Did you tunnel stop working after you installed the VPN client?  The sniffer?  Try uninstalling.  If it works again then you know who to yell at, if nothing else.  :)

jimb

Quote from: reviczky on April 24, 2010, 11:34:51 AM
Here is what I've installed after I had IPv6 working.

"Cisco Systems VPN Client 5"

as well as

"URL Snooper"
"WinPcap"
"Jaksta"

But by now I have disabled them all and the tunneling still doesn't work.

Well, on XP at least, WinPcap doesn't hurt IPv6.  I doubt the other applications would either.

The Cisco VPN client is the most likely culprit.  Disabling them doesn't mean deinstalling them.  Unless you mean deinstalling.

Another thing you might try is to go into some control panel and disable ipv6, hit OK, then go back in and enable it again.  Sometimes windows needs to be "nudged" when config changes are made (as the VPN client probably dorked around with the network stack a lot).

reviczky

I've tried the ipv6 reset and that didn't help. Also I've tried to disable IPv6 restart and enable it again, but that did not help either.

I don't know if it is because of these programs, those are just the programs I have installed after I had IPv6 working, and now it's not working.
I also changed some policies and registry entries but I think I have reverted them all now.

So I really don't know what I did so that it is not working by now :-/.

I will try do deinstall Cisco VPN Client but It might be that I've installed that just before I've tried the IPv6 stuff, so maybe that's not the problem.

jimb

Yeah as I said, the VPN client would be the most likely, since it would do the most changes to the network stack on the computer, installing likely a virtual NIC and some other stuff that it'd shim into the proto stack.

May want to google around and see if you can find out if this is a known issue.

Second most likely is winpcap, since that also puts something into the network stack, but as I said, under XP it doesn't do any harm, but YMMV since you're using win7 which is still a new OS that developers aren't as familiar with, etc.

reviczky

You where right!

I have deinstalled the Cisco VPN Client (version 5.0.07.0290) and now IPv6 works again.

Thanks for you help,
Adam